TechCrunch: Sonatype Updates Component Lifecycle Management Platform To Protect Open-Source Components
Published: January 24, 2014 00:00
Software components are a vital aspect of app development. They are the pieces of code that make the software what it is, and they can come from thousands of sources. But they can be subject to tampering. For example, last summer, Chinese hackers exploited vulnerabilities in Struts, an open-source framework for developing Java-based web applications. Struts has been managed under the umbrella of the Apache Foundation. It was recently announced that Struts had reached its “end-of-life” and will no longer be supported.
To help address this issue, Sonatype has updated its component lifecycle management (CLM) technology to protect software developers from using rogue open-source components that could be used to attack any kind of software, including an app for your phone or even your car or heart monitor. The technology also automates the enforcement of policies that give the software developer assurance that the components are okay to use.